Error: Credentials could not be loaded, please check your action inputs: Could not load credentials from any providers

[snusmu]

Describe the bug

I tried using this credential configure action today, with a very basic workflow, but i am getting an error:

Error: Credentials could not be loaded, please check your action inputs: Could not load credentials from any providers

Seemingly someone else also has this error with the workflow while they didnt have it before: #680 (comment)

Expected Behavior

Expected authentication to suceed

Current Behavior

Authentication results in an error

Reproduction Steps

jobs:
  myrepo-test:
    runs-on: ubuntu-latest
    steps:
      - name: Configure credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-region: us-east-1
          role-to-assume: arn:aws:iam::000000000000:role/github-s3-test
          role-session-name: GithubActionDeployment

Role trusted entities in AWS:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Federated": "arn:aws:iam::000000000000:oidc-provider/token.actions.githubusercontent.com"
            },
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {
                    "token.actions.githubusercontent.com:aud": "sts.amazonaws.com"
                },
                "StringLike": {
                    "token.actions.githubusercontent.com:sub": "repo: myorg/myrepo:*"
                }
            }
        }
    ]
}

Results in an error like this:

Run aws-actions/configure-aws-credentials@v2
  with:
    aws-region: us-east-1
    role-to-assume: arn:aws:iam::000000000000:role/github-s3-test
    role-session-name: GithubActionDeployment
    audience: sts.amazonaws.com
  env:
    BRANCH_NAME: XXX-mybranch
(node:1641) NOTE: We are formalizing our plans to enter AWS SDK for JavaScript (v2) into maintenance mode in 2023.

Please migrate your code to use AWS SDK for JavaScript (v3).
For more information, check the migration guide at https://a.co/7PzMCcy
(Use `node --trace-warnings ...` to show where the warning was created)
Error: Credentials could not be loaded, please check your action inputs: Could not load credentials from any providers

Possible Solution

No response

Additional Information/Context

No response

[peterwoodworth]

Could you post your full workflow file please? Do you have the id-token permission enabled?

We haven't made a change to the v2 tag in a few weeks, so either GitHub changed something on their end, or this workflow file isn't setup properly (though that wouldn't explain why it stopped failing for a couple people last Friday)

[snusmu]

allright so in my case it was noob oversight, adding this indeed solved the problem:

permissions:
  id-token: write
  contents: read

[github-actions]

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

[peterwoodworth]

We'll have a better error message for this in v3 :)